General
-
Target
a45b3ac0d54f74237c09e1722fd234b7beb1cc560408a5846234ae2ce952fa3b
-
Size
1.3MB
-
Sample
230505-xfxzvsgh5s
-
MD5
cbedc989ed8d9872f1d696366848d10e
-
SHA1
a7467f46e03678b5a4a81dcac94bf4c091e8856b
-
SHA256
a45b3ac0d54f74237c09e1722fd234b7beb1cc560408a5846234ae2ce952fa3b
-
SHA512
56c3a8fef58a48fe16bc4e49ae7d59302a16b32d91895a1aa4fe56362f8c9cdcf94972ff9fd9895560ab2991a917fcf14c10960f50fc759da6af33706d855474
-
SSDEEP
24576:kyi/egwMjKKF/Mfj9YnmBFNJysmxU0UtuUmON8o86AuopvBkJf4lW:z6egVKc0fj+nmR85TU8qPAuGud4
Malware Config
Extracted
redline
luser
185.161.248.73:4164
-
auth_value
cf14a84de9a3b6b7b8981202f3b616fb
Targets
-
-
Target
a45b3ac0d54f74237c09e1722fd234b7beb1cc560408a5846234ae2ce952fa3b
-
Size
1.3MB
-
MD5
cbedc989ed8d9872f1d696366848d10e
-
SHA1
a7467f46e03678b5a4a81dcac94bf4c091e8856b
-
SHA256
a45b3ac0d54f74237c09e1722fd234b7beb1cc560408a5846234ae2ce952fa3b
-
SHA512
56c3a8fef58a48fe16bc4e49ae7d59302a16b32d91895a1aa4fe56362f8c9cdcf94972ff9fd9895560ab2991a917fcf14c10960f50fc759da6af33706d855474
-
SSDEEP
24576:kyi/egwMjKKF/Mfj9YnmBFNJysmxU0UtuUmON8o86AuopvBkJf4lW:z6egVKc0fj+nmR85TU8qPAuGud4
Score10/10-
Detects Redline Stealer samples
This rule detects the presence of Redline Stealer samples based on their unique strings.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-